Digital watermarks as a gateway and control mechanism

ABSTRACT

An electronic e-mail system where messages contain information carried by digital watermarks. The digital watermarks are used to control the transmission and/or receipt of documents transmitted over system. The invention can be used to prevent the accidental dissemination of information to unauthorized receivers. Furthermore, while no security system is fool-proof, the present invention helps guards against the intentional, but unauthorized, dissemination of confidential information to unauthorized receivers.

RELATED APPLICATION

[0001] Applicant claims priority of co-pending application 60/183,681entitled “Digital Watermarks as a Gateway and Control Mechanism”.

FIELD OF THE INVENTION

[0002] The present invention relates to Internet communication and moreparticularly to using digital watermarks to as control elements inInternet communication.

BACKGROUND OF THE INVENTION

[0003] The Internet presents security challenges to corporations andothers who have computers which store confidential information and whichhave connections to the internet. Traditionally, documents containingconfidential information are marked with a legend or other visualindicia with words such a “CONFIDENTIAL”, “PROPRIETARY”, etc. Thepresence of these marks alert anyone handling such documents that theyshould only be transferred outside of company under special precautions.It is relatively difficult and unusual for someone to inadvertentlymanually send such a document to an unauthorized receiver. However, theuse of Internet communication changes the situation.

[0004] The Internet and electronic mail speeds the communicationsprocess; however, the Internet and electronic mail also make it mucheasier to inadvertently or accidentally send a confidential document toan unauthorized receiver. A single accidential or inadvertent keystrokecan have wide raging unintended consequences. The Internet and otherelectronic communication system make it easy to communicate; however,these systems and networks also makes it easy to mistakenly orinadvertently sent a document to the wrong party.

SUMMARY OF THE PRESENT INVENTION

[0005] The present invention utilizes digital watermarks to control thetransmission and/or receipt of documents transmitted over computernetworks such as the Internet. The invention can be used to prevent theaccidental dissemination of information to unauthorized receivers.Furthermore, while no security system is fool-proof, the presentinvention helps guards against the intentional, but unauthorized,dissemination of confidential information to unauthorized receivers.

[0006] Most electronically transmitted messages contain text. However,electronic mail systems generally allow images (i.e. pictures) or soundbites to be embedded into and form part of a message. For example, amessage can contain a “stamp” with the word “confidential” or a messagecan contain a sound clip with the word “confidential”. An image or soundclip that forms part of an electronic message can carry a digitalwatermark that can be detected and read by conventional watermarkreading programs.

[0007] The “payload” or digital data in a digital watermark typicallyhas a number of different fields. One or more of these fields can bededicated to a flags which indicates that the document or imagecontaining the watermark is confidential or otherwise classified andthat it should only be disseminated in a particular manor.

[0008] Typically, e-mail enters a transmission network by way of ane-mail server. Programs that can detect and read watermarks are wellknown and commercially available. With the present invention, the e-mailserver passes each e-mail messages through a watermark detection andreading program prior to sending the message out over a network. If thewatermark program detects a watermark, it interrogates certain flag bitsto determine how the message should be handled. For example, if thewatermark reading program finds that a particular flag is set, it cantake action such as alerting both the sender and a networkadministrator. If the watermark program finds no watermark or finds thata particular flag is not set, the message is sent over the network in aconventional manner. Alternately, the message can be sent only if aparticular flag is set.

[0009] Thus, the present invention can serve as a control mechanism forcontrolling the dissemination and receipt of electronic messages.

[0010] Messages and documents also enter the Internet and otherelectronic networks from servers such as Web servers and FTP servers. Ina similar fashion a watermark detection program can interrogatedocuments on servers such as Web and FTP servers and take action asdescribed above.

BRIEF DESCRIPTION OF THE FIGURES

[0011]FIG. 1 is a diagram with an image containing the words“Confidential”.

[0012]FIG. 2 is diagram of the fields in a typical watermark.

[0013]FIG. 3 is a diagram of a typical e-mail system.

[0014]FIG. 4 is a more detailed diagram of the watermark reading anddetection program shown in FIG. 3.

DESCRIPTION OF PREFERRED EMBODIMENT

[0015] The embodiments of the invention described herein relate tosystems for transmitting e-mail messages over the Internet. This firstembodiment has the ability to prevent the accidental dissemination ofconfidential e-mail messages and documents to unauthorized users. Thatis, the first embodiment of the invention prevents the transmission ofconfidential e-mail or documents to anyone. An alternate embodimentmerely prevent the transmission of confidential documents to“unauthorized” users. That is, if a message is sent to two recipients,one of whom is authorized and one of whom is not authorized, thedocuments are transmitted to authorized user and not transmitted tounauthorized user. It is very easy to add addressees to an e-mailmessage. Someone may address an e-mail message which containsconfidential information to a large group of people without realizingthe one of the addressee is not authorized to receive confidentialinformation. The system of the present invention will prevent such ane-mail from being transmitted to the unauthorized person even though thesender included the address of that person in the list of addressee.Another alternative embodiment can take a variety of actions such aslogging messages or sending them to an administrator in addition topreventing them from being disseminated.

[0016] A typical confidential document 10 is represented in FIG. 1. Thedocument 10 can either be an e-mail message, or alternatively it may bea document that is attached to an e-mail message. The document 10includes a confidentiality stamp 11 and lines of text. Theconfidentiality stamp 11 is an image that has the word “confidential”superimposed over a background that has a variety of lines. That is, thebackground in image 11 contains lines the width of which are varied tocarry a watermark in accordance with the teachings of U.S. applicationSer. No. 09/074,034, filed May 6, 1998 (which corresponds to PCTapplication PCT/US99/08252), and U.S. application Ser. No. 09/127,503,filed Jul. 31, 1998 (which corresponding to PCT applicationPCT/US99/14532). The disclosures of the above referenced patentapplications are hereby incorporated herein in their entireties byreference. Alternatively the background of image 11 may comprise a weaveor tint pattern that carries a watermark. In still another alternativeembodiment instead of having an image 11 embedded in the message, themessage may contain an audio clip with the work confidential. The audioclip would be watermarked using conventional audio watermarkingtechniques. However, in the first embodiment described herein the, image11 has both a human readable word “Confidential” and a digital watermarkthat can be read by a watermark detection and reading program.

[0017] The data fields and flags in a typical watermark payload areshown in FIG. 2. It should be understood that the fields and flags shownare merely representative and they can take may alternative forms. Thefirst embodiment of the invention utilizes one of the flag fields toindicate that a particular document is confidential. The other fieldscan be used in a conventional manner. Alternate embodiments can use anumber of flags to indicate actions that should be taken with aparticular message.

[0018]FIG. 3 shows a typical e-mail system. A relatively large number ofindividual user terminal 301 are connected to an e-mail server 302. Onlyfive representative terminals designated 301 a to 301 x are shown forconvenience of illustration. The terminals 301 are connected to server302 by conventional connections such as by an Ethernet LAN or by dial upmodems. The e-mail server 302 has a conventional interface 303 to theInternet and it receives and sends messages from the individual users tothe Internet. The e-mail server 302 is conventional and the details ofthe e-mail server 302 forms no part of the present invention. However,with the present invention, before the e-mail server 302 transmits amessage from one of the individual user terminals 301 a to 301 x to theInternet, the e-mail server passes the message through a watermarkdetection and reading program 305. Both the e-mail message itself andany attached documents are passed through the watermark reading program.The watermark detection and reading program 305 determines if a messagecontains a watermark. If a watermark is detected, the confidentialityflag bit is interrogated. If the watermark reading program 305determines that the flag bit is set to “confidential”, the firstembodiment of the invention merely informs the e-mail server 302 toreturn the message to the sender. Thus, the first embodiment of theinvention prohibits any confidential information from being transmittedas part of an e-mail message.

[0019] A second embodiment of the invention provides for a wider arrayof alternative. As shown in FIG. 4, the second embodiment of theinvention includes a data base 401. The data base 401 contains a list ofdifferent potential message senders, a list showing different groups ofpotential message recipients, and a set of possible categories indicatedby the setting of the various flags in a message. For example, thesenders may fall into three groups designated sender groups S1, S2 andS3. The potential recipients can fall into three groups designated R1,R2, and R3. The data base 401 and the associated logic 402 can implementlogic rules such as indicated by the following table: Sender RecipientFlag Group Group Conditions Action S1 R1 011 Send message S1 R2 110 Donot sent message notify the administrator S1 R2 001 Send message, andlog fact that S1 sent a message to R2. S1 R2 101 Return message tosender S2 R1 011 Send message S2 R3 110 Do not sent message and notifythe system administrator

[0020] It should be clearly noted that the above is merely a simplifiedexample of the rules and combinations that could be in data base 401.The data bases could include hundreds or thousands of users and it couldinclude dozens of rules. The system can be complex or simple as desiredfor a particular application. A system can include many alternatives inaddition to those shown above or a system might include only a very fewalternatives. For example, the system could include only a list ofaddresses which are authorized to receive messages which have aconfidentiality flag set to “confidential”. Such a system would allowconfidential documents to be only sent to selected addresses.Alternatively or in addition the system could include a list ofindividuals authorized to send confidential documents. The system couldmerely check the sender against this list or alternatively, the systemcould require that a password be entered when such messages areencountered. The table above shows only three fag bits. A system couldhave more or less fag bits as the needs of the particular systemrequire.

[0021] The import point is that the system considers the message sender,the message recipient and the condition of the flags in the data carriedby a digital watermark to determine what action should be taken. Thedigital watermark can be carried by the message using any of the knownways of watermarking a document. For example, it can be carried bymodulating the width of lines or by modulating the luminosity of pixelsin an image or by a watermark in audio data.

[0022] In alternate embodiments of the invention, the confidentialitystamp could include a watermark in an image by means other than usingline width modulation as described with respect to the first embodimentof the invention. The background of the stamp could include aconventional image carrying a conventional watermark.

[0023] In an alternative embodiment of the invention, rather thanchecking for a digital watermark, the system could check for a textstring such as “confidential” and take action in response to locatingsuch a text string.

[0024] The above described embodiments relate to controlling thedissemination of information; however, it should be understood that theinvention could be applied in similar manner to control the receipt ofconfidential information or to control the action taken when messagescontaining watermarks are received.

[0025] While the previously described embodiments apply to e-mailsystems, similar precautions could be taken with FTP servers or with Webservers.

[0026] While the invention has been shown and described with respect tovarious preferred embodiments, it should be understood that variouschanges in form and detail could be made without departing from thescope and spirit of the invention.

I claim:
 1. An electronic messaging system including a mail server whichsends and receives messages, said mail server including a watermarkreading program which reads watermarks in said messages and whichcontrols the distribution of said messages in response to data in saidwatermarks.
 2. A system which includes an e-mail server connected to theInternet means for transmitting messages from individual user to saide-mail server, watermark detecting means for detecting and readingwatermarks in e-mail messages before such messages are transmitted fromsaid e-mail server to the Internet, means for preventing thetransmission of messages from said e-mail server to the Internet if saidwatermark detecting means detects a watermark which has an indicationthat the message containing said watermark is confidential.
 3. A systemfor controlling the distribution of electronic messages that containconfidential information, each electronic message containingconfidential information including a digital watermark carrying datathat indicates that the message is confidential, a server whichtransmits and receives messages, said server including a watermarkreading program which reads watermarks in messages and controls thedistribution of such messages in accordance with the data carried by anywatermarks in the messages.
 4. The system recited in claim 4 where themessages are transmitted over the Internet.
 5. A method of controllingthe distribution of electronic messages that contain confidentialinformation, said messages containing digital watermarks which carrydata indicating that the message contains confidential information,reading watermarks in messages prior to transmission of said messages,and controlling the distribution of each electronic message whichcontains a watermark in response to the data carried by the watermark inthe message.
 6. The method recited in claim 5 wherein said messages aretransmitted over the Internet.
 7. The method recited in claim 5 whereina data base is interrogated to determine the action to take with aparticular message.
 8. The method recited in claim 5 wherein the actiontaken with respect to a particular message is dependent on the identityof the sender, the identify of the receiver and information carried bythe watermark.
 9. The method recited in claim 5 wherein the action takenwith respect to a particular message is dependent on the identity of thesender, the identify of the receiver, information carried by thewatermark, and information stored in a data base.
 10. A method oftransmitting electronic messages from a sender to a receiver whichcomprises, detecting and reading digital watermarks contained in suchmessages to determine how the flags in such watermarks are set,interrogating a data base to determine what action should be taken witha message based upon the identity of the sender, the identity of thereceiver and the flag settings in the watermark in the message.
 11. Themethod specified in claim 10 recited in claim 10 wherein said messagesare transmitted over the Internet.
 12. The method recited in claim 10where the data carried by said watermark indicates if the messagecontains confidential information.